Critical severity · NVD Advisory · Published Aug 8, 2021 · Updated Aug 4, 2024

CVE-2020-36432

Description

An issue was discovered in the alg_ds crate through 2020-08-25 for Rust. There is a drop of uninitialized memory in Matrix::new().

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

The alg_ds crate for Rust drops uninitialized memory in Matrix::new(), causing undefined behavior; no patch exists.

Vulnerability

The alg_ds crate (version 0.3.1 and earlier, through 2020-08-25) contains a vulnerability in the Matrix::new() function. Internally, new() calls Matrix::fill_with(), which uses the *ptr = value pattern to initialize the buffer. Assignment through a pointer assumes that an initialized value already exists at the address and drops it before storing the new one, so here the uninitialized contents of the buffer are dropped. This is undefined behavior in Rust [1][2][3].

Exploitation

An attacker does not require any special privileges or user interaction. The vulnerability is triggered simply by calling Matrix::new() with any type that implements Drop. The fill_with() method writes to uninitialized memory using assignment, which runs the destructor on uninitialized data. The issue is reachable without any specific configuration [2][3].

Impact

Dropping uninitialized memory leads to undefined behavior, which can manifest as memory corruption, information disclosure, or arbitrary code execution. The CVSS score is 9.8 (Critical) with network attack vector, low complexity, and no privileges required [1][3].

Mitigation

As of the latest advisory (June 2023), no patched version of alg_ds exists. The crate appears to be unmaintained. Users should avoid using this crate or replace it with an alternative. If usage is unavoidable, consider using MaybeUninit and ptr::write for manual initialization, but this requires modifying the crate's source code [2][3].
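The difference between the *ptr = value pattern and ptr::write described above can be observed with a type that counts its drops. This is an added example, not code from alg_ds; Tracked, fill_by_assignment and fill_by_write are hypothetical names, and the assignment form is only run on already-initialized memory so the program stays sound.

```rust
use std::cell::Cell;
use std::ptr;

thread_local! { static DROPS: Cell<usize> = Cell::new(0); }
fn drops() -> usize { DROPS.with(|d| d.get()) }

// Constructed sample type: every destructor call is counted.
#[derive(Clone)]
struct Tracked(u32);
impl Drop for Tracked {
    fn drop(&mut self) { DROPS.with(|d| d.set(d.get() + 1)); }
}

/// `*p = v` drops the old value at `p` first. Sound only if every slot
/// already holds an initialized T; on fresh memory this drops garbage.
unsafe fn fill_by_assignment<T: Clone>(buf: *mut T, len: usize, value: &T) {
    for i in 0..len { unsafe { *buf.add(i) = value.clone(); } }
}

/// ptr::write moves the value in without reading or dropping the old bytes,
/// so it is the correct way to initialize uninitialized slots.
unsafe fn fill_by_write<T: Clone>(buf: *mut T, len: usize, value: &T) {
    for i in 0..len { unsafe { ptr::write(buf.add(i), value.clone()); } }
}

/// Assignment over four initialized elements: each old element is dropped.
fn drops_assigning_over_initialized() -> usize {
    let mut v: Vec<Tracked> = (0..4).map(Tracked).collect();
    let seed = Tracked(9);
    let before = drops();
    unsafe { fill_by_assignment(v.as_mut_ptr(), v.len(), &seed) };
    drops() - before
}

/// ptr::write into uninitialized capacity: no destructor runs during the fill.
fn drops_writing_into_uninit() -> (usize, u32) {
    let mut v: Vec<Tracked> = Vec::with_capacity(4);
    let seed = Tracked(9);
    let before = drops();
    unsafe { fill_by_write(v.as_mut_ptr(), 4, &seed); v.set_len(4); }
    (drops() - before, v.iter().map(|t| t.0).sum())
}

fn main() {
    println!("assignment dropped {} old values", drops_assigning_over_initialized());
    println!("ptr::write (drops, sum) = {:?}", drops_writing_into_uninit());
}
```

The four drops in the first case are the destructor calls that the assignment form would run on uninitialized bytes if it were pointed at a fresh buffer.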

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: alg_ds (crates.io)
Affected versions: <= 0.3.1
Patched versions: none

Patches

No patches discovered yet.
